diff --git a/SOURCES/net-snmp-5.8-asn-parse-nlength.patch b/SOURCES/net-snmp-5.8-asn-parse-nlength.patch new file mode 100644 index 0000000..23823f5 --- /dev/null +++ b/SOURCES/net-snmp-5.8-asn-parse-nlength.patch @@ -0,0 +1,86 @@ +From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 4 Jan 2021 12:21:59 -0800 +Subject: [PATCH] libsnmp: Fix asn_parse_nlength() + +Handle length zero correctly. + +Fixes: https://github.com/net-snmp/net-snmp/issues/253 +Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths") +--- + snmplib/asn1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/snmplib/asn1.c b/snmplib/asn1.c +index e983500e7..33c272768 100644 +--- a/snmplib/asn1.c ++++ b/snmplib/asn1.c +@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len) + * long length; first byte is length of length (after masking high bit) + */ + len_len = (int) ((*pkt & ~0x80) + 1); +- if ((int) pkt_len <= len_len ) ++ if (pkt_len < len_len) + return NULL; /* still too short for length and data */ + + /* now we know we have enough data to parse length */ +From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 4 Jan 2021 10:00:33 -0800 +Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this + test + +Add a reproducer for the bug fixed by the previous patch. +--- + .../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++ + 1 file changed, 41 insertions(+) + create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c + +diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c +new file mode 100644 +index 000000000..5c21ccdc7 +--- /dev/null ++++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c +@@ -0,0 +1,41 @@ ++/* HEADER Parsing of an SNMP trap with no varbinds */ ++netsnmp_pdu pdu; ++int rc; ++static u_char trap_pdu[] = { ++ /* Sequence with length of 0x2d = 45 bytes. */ ++ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d, ++ /* version = INTEGER 0 */ ++ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00, ++ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */ ++ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75, ++ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63, ++ /* SNMP_MSG_TRAP; 32 bytes. */ ++ [15] = 0xa4, [16] = 0x20, ++ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */ ++ [17] = 0x06, [18] = 0x08, ++ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06, ++ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05, ++ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */ ++ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8, ++ [31] = 0x01, [32] = 0x22, ++ /* generic-trap = INTEGER 0 */ ++ [33] = 0x02, [34] = 0x01, [35] = 0x00, ++ /* specific-trap = INTEGER 0 */ ++ [36] = 0x02, [37] = 0x01, [38] = 0x00, ++ /* ASN_TIMETICKS 0x117f243a */ ++ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f, ++ [43] = 0x24, [44] = 0x3a, ++ /* varbind list */ ++ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00, ++}; ++static size_t trap_pdu_length = sizeof(trap_pdu); ++netsnmp_session session; ++ ++snmp_set_do_debugging(TRUE); ++debug_register_tokens("dumpv_recv,dumpv_send,asn,recv"); ++memset(&session, 0, sizeof(session)); ++snmp_sess_init(&session); ++memset(&pdu, 0, sizeof(pdu)); ++rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length); ++ ++OKF((rc == 0), ("Parsing of a trap PDU")); + diff --git a/SOURCES/net-snmp-5.8-clientaddr-error-message.patch b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch new file mode 100644 index 0000000..c423f21 --- /dev/null +++ b/SOURCES/net-snmp-5.8-clientaddr-error-message.patch @@ -0,0 +1,35 @@ +diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c +--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100 ++++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100 +@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M + "No error", /* SNMPERR_SUCCESS */ + "Generic error", /* SNMPERR_GENERR */ + "Invalid local port", /* SNMPERR_BAD_LOCPORT */ +- "Unknown host", /* SNMPERR_BAD_ADDRESS */ ++ "Invalid address", /* SNMPERR_BAD_ADDRESS */ + "Unknown session", /* SNMPERR_BAD_SESSION */ + "Too long", /* SNMPERR_TOO_LONG */ + "No socket", /* SNMPERR_NO_SOCKET */ +@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session) + DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n")); + in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS; + in_session->s_errno = errno; +- snmp_set_detail(in_session->peername); ++ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, ++ NETSNMP_DS_LIB_CLIENT_ADDR)) ++ snmp_set_detail(in_session->peername); + return NULL; + } + +diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c +--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100 ++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100 +@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn + DEBUGMSGTL(("netsnmp_udpbase", + "failed to bind for clientaddr: %d %s\n", + errno, strerror(errno))); ++ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n", ++ strerror(errno))); + netsnmp_socketbase_close(t); + return 1; + } diff --git a/SOURCES/net-snmp-5.8-empty-passphrase.patch b/SOURCES/net-snmp-5.8-empty-passphrase.patch new file mode 100644 index 0000000..deb0388 --- /dev/null +++ b/SOURCES/net-snmp-5.8-empty-passphrase.patch @@ -0,0 +1,30 @@ +From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001 +From: Josef Ridky +Date: Wed, 18 Nov 2020 20:54:34 -0800 +Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly + +See also https://github.com/net-snmp/net-snmp/issues/86. + +Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line") +Reported-by: Chris Cheney +--- + net-snmp-create-v3-user.in | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in +index 452c2699d..31b4c58c1 100644 +--- a/net-snmp-create-v3-user.in ++++ b/net-snmp-create-v3-user.in +@@ -120,7 +120,11 @@ fi + fi + outdir="@PERSISTENT_DIRECTORY@" + outfile="$outdir/snmpd.conf" +-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\"" ++if test "x$xpassphrase" = "x" ; then ++ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm" ++else ++ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\"" ++fi + echo "adding the following line to $outfile:" + echo " " $line + # in case it hasn't ever been started yet, start it. diff --git a/SOURCES/net-snmp-5.8-ipv6-disabled.patch b/SOURCES/net-snmp-5.8-ipv6-disabled.patch new file mode 100644 index 0000000..824c09c --- /dev/null +++ b/SOURCES/net-snmp-5.8-ipv6-disabled.patch @@ -0,0 +1,31 @@ +diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c +--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200 ++++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200 +@@ -19,6 +19,7 @@ + + #include + #include ++#include + + netsnmp_feature_require(prefix_info) + netsnmp_feature_require(find_prefix_info) +@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i + + #define PROCFILE "/proc/net/if_inet6" + if (!(in = fopen(PROCFILE, "r"))) { +- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE)); ++ ++ /* ++ * If PROCFILE exists, but isn't readable, file ERROR message. ++ * Otherwise log nothing, due of IPv6 support on this machine is ++ * intentionaly disabled/unavailable. ++ */ ++ ++ struct stat filestat; ++ ++ if(stat(PROCFILE, &filestat) == 0){ ++ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE)); ++ } + return -2; + } + diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec index e26f3d5..7fa1420 100644 --- a/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec @@ -10,7 +10,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.8 -Release: 18%{?dist}.1 +Release: 20%{?dist} Epoch: 1 License: BSD @@ -58,6 +58,10 @@ Patch29: net-snmp-5.8-sec-memory-leak.patch Patch30: net-snmp-5.8-aes-config.patch Patch31: net-snmp-5.7.2-CVE-2020-15862.patch Patch32: net-snmp-5.8-bulk.patch +Patch33: net-snmp-5.8-clientaddr-error-message.patch +Patch34: net-snmp-5.8-ipv6-disabled.patch +Patch35: net-snmp-5.8-empty-passphrase.patch +Patch36: net-snmp-5.8-asn-parse-nlength.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -215,6 +219,10 @@ rm -r python %patch30 -p1 -b .aes-config %patch31 -p1 -b .CVE-2020-15862 %patch32 -p1 -b .bulk +%patch33 -p1 -b .clientaddr-error-message +%patch34 -p1 -b .ipv6-disabled +%patch35 -p1 -b .empty-passphrase +%patch36 -p1 -b .asn-parse-nlength %patch101 -p1 -b .modern-rpm-api @@ -469,12 +477,20 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog -* Tue Dec 01 2020 Josef Ridky - 1:5.8-18.1 -- revert permission of config files to 600 (#1902662) +* Tue Jan 05 2021 Josef Ridky - 1:5.8-20 +- fix issue with parsing of long traps (#1912242) +- modify fix for #1877375 + +* Tue Dec 01 2020 Josef Ridky - 1:5.8-19 +- revert permission of config files to 600 (#1601060) +- fix error message when the address specified by clientaddr option + is wrong or cannot be bound (#1877375) +- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367) +- fix issue with quoting empty passphrase (#1817225) * Wed Nov 11 2020 Josef Ridky - 1:5.8-18 -- fix CVE-2020-15862 (#1886100) -- fix bulk responses for invalid PID (#1896760) +- fix CVE-2020-15862 (#1875497) +- fix bulk responses for invalid PID (#1817190) * Tue Aug 11 2020 Josef Ridky - 1:5.8-17 - add math library in LDFLAGS (#1846252)